"Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack," the US-CERT advisory says. "The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape."

Intel did not respond to a request for comment.

Operating systems exposed to the vulnerability include Windows 7, Windows Server 2008 R2, 64-bit versions of FreeBSD and NetBSD, as well as systems that include the Xen hypervisor, Bitdefender said Friday. "While 32-bit operating systems are safe, Intel CPUs that use the Intel 64 extension need the security patches released by Microsoft in their MS12-042 security bulletin."

The flaw stems from the way the CPUs implement error handling in their version of the SYSRET instruction, which is part of the x86-64 standard defined by Advanced Micro Devices, according to the Xen community blog. "If an operating system is written according to AMD's spec, but run on Intel hardware, the difference in implementation can be exploited by an attacker to write to arbitrary addresses in the operating system's memory."

AMD processors are not affected, as well as VMware's virtualization software, which doesn't use the SYSRET instruction, Bitdefender said.